Skip to main content
NormaGrid

Data Governance Act (DGA)

In force Data & Privacy Regulation Adopted: 30 May 2022 · Applies from: 24 September 2023

AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.

Summary

Regulation (EU) 2022/868 (Data Governance Act) establishes a framework to increase trust in data sharing in the EU. It sets conditions for the re-use of certain categories of protected public-sector data, creates a notification and oversight regime for data intermediation services, and introduces a framework for voluntary “data altruism” to make data available for objectives of general interest. It also provides for the creation of the European Data Innovation Board to support consistent implementation.

Who is affected?

Public-sector bodies and other entities holding protected data whose re-use is permitted under the Regulation, providers of data intermediation services, and organisations engaging in data altruism are directly affected. Data users (businesses, researchers and public bodies) seeking access to such data are indirectly affected through the new access and governance mechanisms.

Scope

Applies across the EU to the re-use of certain protected public-sector data, to providers of data intermediation services, and to the voluntary registration and supervision of recognised data altruism organisations.

Key Points

  • Sets conditions for re-use of protected public-sector data (e.g., data subject to commercial confidentiality, statistical confidentiality, intellectual property rights, and personal data) while preserving applicable EU and national law.
  • Establishes a notification framework and requirements for providers of data intermediation services (neutrality, separation from other services, transparency, and safeguards against misuse).
  • Creates an EU framework for “data altruism”, including voluntary registration as a recognised data altruism organisation and related transparency and governance obligations.
  • Provides for competent authorities and supervision/enforcement mechanisms at Member State level, including monitoring of data intermediation services and recognised data altruism organisations.
  • Establishes the European Data Innovation Board to support coordination, guidance and best practices for implementation.

Key Deadlines

  • — Application date (Regulation applies from this date).

Related Regulations

Frequently Asked Questions

Who must comply with the Data Governance Act (DGA)?

Public-sector bodies holding protected data, providers of data intermediation services, and organisations wishing to be recognised as data altruism organisations must comply with the DGA. Data users such as businesses and researchers are also affected through new access and governance mechanisms.

What types of data are covered by the DGA?

The DGA covers certain categories of protected public-sector data, including data subject to commercial confidentiality, statistical confidentiality, intellectual property rights, and personal data, provided their re-use is permitted under applicable laws.

What are the key obligations for providers of data intermediation services under the DGA?

Providers must notify competent authorities before offering their services, ensure neutrality, maintain separation from other services, provide transparency, and implement safeguards against misuse of data.

What is 'data altruism' as defined by the DGA?

Data altruism refers to the voluntary sharing of data by individuals or entities for objectives of general interest, such as scientific research or improving public services, under a formal framework and subject to transparency and governance requirements.

How does the DGA interact with other EU data and privacy regulations?

The DGA complements existing EU laws such as the GDPR and the Open Data Directive, ensuring that re-use of protected data remains subject to applicable data protection and confidentiality rules.

What penalties or enforcement mechanisms exist under the DGA?

Member States designate competent authorities to supervise compliance, monitor providers and organisations, and impose penalties for breaches, which may include fines or withdrawal of recognition for data altruism organisations.

What is the European Data Innovation Board and what is its role?

The European Data Innovation Board is an expert group established by the DGA to support consistent implementation, provide guidance, and promote best practices across the EU regarding data sharing and governance.

What practical steps should a public-sector body take to comply with the DGA?

Public-sector bodies should identify protected data eligible for re-use, establish procedures for handling requests, ensure compliance with applicable confidentiality and data protection rules, and cooperate with competent authorities.

How can an organisation become a recognised data altruism organisation under the DGA?

Organisations must apply for voluntary registration with the relevant national authority, meet transparency and governance requirements, and adhere to obligations set out in the DGA regarding the use and management of data.

When did the DGA enter into force and what are the key timelines for compliance?

The DGA entered into force on 23 June 2022, with most provisions applying from 24 September 2023. Entities subject to the DGA should ensure compliance from this date onward.

Key Terms

Protected Public-Sector Data
Data held by public-sector bodies that is subject to specific protections, such as commercial or statistical confidentiality, intellectual property rights, or personal data regulations.
Data Intermediation Service
A service that facilitates data sharing between data holders and data users, acting as a neutral intermediary under specific transparency and governance requirements.
Data Altruism
The voluntary sharing of data by individuals or organisations for objectives of general interest, such as scientific research or public policy development, under a regulated framework.
Recognised Data Altruism Organisation
An entity that has been formally registered and authorised to collect and process data for altruistic purposes in accordance with the DGA's requirements.
European Data Innovation Board
An expert group established by the DGA to support consistent implementation, provide guidance, and promote best practices in data governance across the EU.
Competent Authority
A national body designated by each Member State to supervise, monitor, and enforce compliance with the DGA, including oversight of data intermediation services and data altruism organisations.
Notification Framework
A system requiring providers of data intermediation services to notify competent authorities before commencing operations, ensuring transparency and oversight.
Re-use of Data
The process of making protected public-sector data available for purposes other than the original one for which it was collected, subject to conditions set by the DGA and other applicable laws.
Neutrality Requirement
An obligation for data intermediation service providers to act impartially and not use data for their own benefit, ensuring fair and unbiased facilitation of data sharing.
General Interest Purpose
Objectives that benefit society as a whole, such as scientific research, healthcare, environmental protection, or public policy, which justify the voluntary sharing of data under the DGA.